Cryp70n1c
Cryp70n1c, or Cryp7on1c Army, is ransomware that runs on Microsoft Windows. It was discovered by MalwareHunterTeam and is part of the HiddenTear family. Cryp70n1c seems to be part of a Ransomware as a Service (RaaS) attack, which is part of a larger wave of ransomware.

Payload Transmission

Cryp70n1c is distributed by compromising insecure RDP configurations and through email spam and malicious attachments, fraudulent downloads, exploits, web injects, fake updates, and repackaged and infected installers.

Infection

Cryp70n1c uses a combination of AES and RSA encryption to make victims' files inaccessible. It targets user-generated files, which may include photos, music, and a variety of other commonly used file types. After encrypting the victim's files, Cryp70n1c marks the affected files with the file extension '.cryp70n1c' and drops a text file named 'READ_IT.txt' on the victim's computer. This text file contains the following message:

This computer has been hacked, our personal files have been encrypted. Send us 0,05 Bitcoin to get the decryption passcode. After that, you'll be able to get your files back again. Failure to do so within 3 days will result in all your files being deleted & lost forever - visit www.luno.com to buy Bitcoin and once you have purchased 0.05 please send them to the following Bitcoin Address 1KDQcgujZKjMgZkYSbM77pLeGSDq8walRM thank you and have a great day. If you need to contact us for any reason, please e-mail us ransom@deliveryman.com

Cryp70n1c has been associated with several ransom notes. It has been linked to a couple of other messages, including one where computer users are urged to join the 'Cryp70n1c Army.'
The following two messages have been linked to the people responsible for the Cryp70n1c attack:

We are the Cryptonic Army
All data files have been locked and in 3 days they will be deleted unless you pay us
Please find the text file on your desktop for instructions

CRYP70N1C ARMY
JOIN US AND TAKE CONTROL BACK
Join us today and help deface the government and all corrupt businesses. Firstly visit Proton-mail and open a Anonymous e-mail address then proceed to step two
ACCOUNT SIGNUP
Once your anonymous e-mail is registered proceed to sign up, make sure to choose a strong password and username that doesn't tie you to anything. Our server doesn't log your IP address so no need to access this site via VPN.
DOWNLOAD THE HACKING “STARTER PACK“
Once you have successfully logged in find the footer section called “MORE” this is DDOS and MYSQL Injection software we built for you, we will be training you to use it via our learning center.
LAUNCH DATES & COMMUNICATION
You shall find the following sections once logged in, Launch Dates will be set 2 weeks prior to attack and attack targets will we given 15 minutes prior to live attack. All communication will be done via our live chatroom.
Cryp70n1c: Leader AMAZING
It is a long established fact that majority always wins, power is essential and clearly our government has the upper hand. We are a core group of three experienced hackers which were responsible for the Julius Malema hack, several database dumps as well as defacing 3 government websites. But we need recruitment's who are willing to join in on the hacks as we need more computational power.
SEE YOU ON THE DARKSIDE
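A triage sketch for the indicators described above, as an added example that is not part of the original page: it walks a directory tree for files carrying the '.cryp70n1c' extension and for 'READ_IT.txt' notes whose text matches phrases from the quoted messages, grouped by directory to show the scope of an infection. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".cryp70n1c"   # extension named on this page
NOTE_NAME = "read_it.txt"      # note file name from this page, compared case-insensitively
# Phrases taken from the messages quoted on this page (lower-cased).
NOTE_MARKERS = ("decryption passcode", "cryp70n1c", "cryptonic army")

def note_matches(path, limit=65536):
    """True if the file at path contains a phrase from the quoted notes."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(limit).decode("utf-8", errors="ignore").lower()
    except OSError:
        return False  # unreadable or missing file: treat as no match
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root and return {directory: {"encrypted": [...], "notes": [...]}}."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
            elif lower == NOTE_NAME and note_matches(os.path.join(dirpath, name)):
                hits[dirpath]["notes"].append(name)
    return dict(hits)

def demo():
    """Build a constructed sample tree and return per-directory hit counts."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("Documents", "Desktop", "Notes"):
            os.makedirs(os.path.join(root, sub))
        for name in ("budget.xlsx.cryp70n1c", "photo.JPG.CRYP70N1C"):
            open(os.path.join(root, "Documents", name), "wb").close()
        with open(os.path.join(root, "Desktop", "READ_IT.txt"), "w") as fh:
            fh.write("Send us 0,05 Bitcoin to get the decryption passcode.")
        # Benign file that only shares the note's name; must not be flagged.
        with open(os.path.join(root, "Notes", "READ_IT.txt"), "w") as fh:
            fh.write("Reminder: read the onboarding guide.")
        return {os.path.basename(d): (len(v["encrypted"]), len(v["notes"]))
                for d, v in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

Matching on note content as well as file name keeps an unrelated READ_IT.txt from being reported as a ransom note.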